VulncastBriefing archive

Daily Brief - 2026-06-28

· 4 vulnerabilities · 6 min listen

▶ Listen to this briefing

CVE-2023-37524

high · CVSS 7.7 · HCL Traveler for Microsoft Outlook

HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service.  Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerable third-party components.

  • Outdated Dependencies
  • Known Vulnerability Exploitation
  • .net framework
  • outlook plugin

CVE-2026-12415

critical · CVSS 9.8 · Invoice Generator Invoice Generator

The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account, accepts an attacker-controlled user_id and user_email from POST data, and calls wp_update_user() without verifying authentication, ownership, or a nonce. This makes it possible for unauthenticated attackers to change the email address of any user, including administrators, and then trigger WordPress's password reset flow to gain access to the targeted account.

  • Privilege Escalation
  • Account Takeover
  • wordpress plugin
  • web application

CVE-2026-13333

medium · CVSS 6.5 · Groundhogg Groundhogg

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Sales Representative-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The sanitized Contact_Query code path can be bypassed by supplying an invalid filter type (e.g., query[filters][0][0][type]=invalid_filter_nonexistent), causing a FilterException to be caught and execution to fall through to the unsanitized Legacy_Contact_Query path.

  • SQL Injection
  • php
  • wordpress plugin
  • web application

CVE-2026-49417

FreeBSD FreeBSD

Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible through the stale mapping. The /dev/dsp device nodes are world-accessible by default. On a system with an audio device, either issue allows an unprivileged local user to read and write kernel memory, which can be used to escalate privileges, potentially gaining full control of the affected system. At a minimum, an attacker can crash the kernel, resulting in a Denial of Service (DoS).

  • Use-After-Free
  • Privilege Escalation
  • Denial of Service
  • unix kernel
  • audio driver